[Muscle] Impossible to crypt using MuscleTool

Karsten Ohme widerstand at t-online.de
Tue Mar 11 15:47:02 PDT 2008


Amanda Ortega wrote:
> I have created two pairs of keys:
> - Putting 0x0000 for all the ACLs (private key 0 and public key 2);
> - Putting the ACLs recommended by muscleTools when creating the keys 
> (private key 1 and public key 3).

The ACL for private keys should at least disallow read; only the usage
should be allowed by PIN, like RSA PRIVATE CRT 1 1024 in your
list. For the public key, the settings in RSA PUBLIC 3 1024 are OK.

> 
> When I try to crypt using the first pair, I can't do anything. But when 
> I try to crypt using the second pair, I can crypt and decrypt, but the 
> result at the end isn't equal to the beginning.
> 
> I created the keys using the scheme that the public key number is always 
> 2 units greater than the private key, is it OK?

Should not matter.

> 
> Where can I obtain a documentation about the meaning of the ACLs?

It is a 16-bit mask. 0xFFFF means nobody can do it, 0x0000 always. Or I
have mixed it the wrong way. Every bit in the 16-bit mask is for the PIN
required to operate on the key, e.g. 0x0001 would allow PIN 1 to operate.

Regards,
Karsten
> 
> Amanda
> 
> 1)
> $ muscleTool
> MuscleCard shell - type "help" for help.
> muscleTool > tokens
>    1.    MuscleCard Applet
> 
> ListTokens Success.
> muscleTool > connect 1
> Connect Success.
> 
> 2)
> muscleTool [MuscleCard Applet] > listkeys
> 
>         Key Type  Key Num  SIZE
>  ---------------  -------  ----
>  RSA PRIVATE CRT        0  1024
> 
>             READ
>           ------
>           ALWAYS
> 
>            WRITE
>           ------
>           ALWAYS
> 
>              USE
>           ------
>           ALWAYS
> 
>         Key Type  Key Num  SIZE
>  ---------------  -------  ----
>  RSA PRIVATE CRT        1  1024
> 
>             READ
>           ------
>            NEVER
> 
>            WRITE
>           ------
>           PIN #1
> 
>              USE
>           ------
>           PIN #1
> 
>         Key Type  Key Num  SIZE
>  ---------------  -------  ----
>       RSA PUBLIC        2  1024
> 
>             READ
>           ------
>           ALWAYS
> 
>            WRITE
>           ------
>           ALWAYS
> 
>              USE
>           ------
>           ALWAYS
> 
>         Key Type  Key Num  SIZE
>  ---------------  -------  ----
>       RSA PUBLIC        3  1024
> 
>             READ
>           ------
>           PIN #1
> 
>            WRITE
>           ------
>           PIN #1
> 
>              USE
>           ------
>           ALWAYS
> 
> ListKeys Success.
> 
> 3)
> muscleTool [MuscleCard Applet] > verify 1
> 
> Enter PIN
> 'a' aborts this query.
> Enter PIN : 76543210
> VerifyPIN Successful
> muscleTool [MuscleCard Applet] > crypt  3
> 
> Would you like to:
> 0. Abort this selection.
> 1. Verify
> 2. Encrypt
> 
> Choose (0-2): 2
> 
> Please enter text to encrypt in hexadecimal ASCII (at most 1023 characters)
> Example: 30313233 for 0123
> 
> 'a' aborts this query.
> Enter text : 3031
> 
> Select the algorithm:
> 0. Abort this selection.
> 1. RSA with no padding
> 2. RSA with PKCS#1 padding
> 
> Choose (0-2): 1
> Result    : 
> 77018EBFF08214E606BD4D6BBE341007F69AF6A32675A9ED8394658491D2578BA2B7044C0CE18FC1770E044D93E61C572FB62B3E0EB8D4CCA92872055A2AB39E93C5E1E9109D6A9AC979ACF9A79CCD97E50D9DB3C8DF1733F0F4C9A29A1C9C1324ECA5F31E710C7DF58149F5F94861B2960CF6BEDAE151FC8CE17B064BE547F7
> Crypt Successful.
> muscleTool [MuscleCard Applet] > crypt 1
> 
> Would you like to:
> 0. Abort this selection.
> 1. Sign
> 2. Decrypt
> 
> Choose (0-2): 2
> 
> Please enter text to decrypt in hexadecimal ASCII (at most 1023 characters)
> Example: 30313233 for 0123
> 
> 'a' aborts this query.
> Enter text : 
> 77018EBFF08214E606BD4D6BBE341007F69AF6A32675A9ED8394658491D2578BA2B7044C0CE18FC1770E044D93E61C572FB62B3E0EB8D4CCA92872055A2AB39E93C5E1E9109D6A9AC979ACF9A79CCD97E50D9DB3C8DF1733F0F4C9A29A1C9C1324ECA5F31E710C7DF58149F5F94861B2960CF6BEDAE151FC8CE17B064BE547F7
> 
> Select the algorithm:
> 0. Abort this selection.
> 1. RSA with no padding
> 2. RSA with PKCS#1 padding
> 
> Choose (0-2): 1
> Result    : 
> 7BAE4A30262F2110522759135CF5581BB818F8A44080ABCA4DEF7398535C13213F8668AB442D6FDC18B270C7881F23DCAC1F78415C455441F114A36F12C59F0411A2054E06FB393585B5214160CC7EA2DAED3CD4DCA93634C1D402B0AC22206B06BAA82036539489D79194B81C37EC7496D5AC68B984DEF5ED0FFC2FFBB1D8C8
> Crypt Successful.
> 
> 
> 2008/3/3, Michael StJohns <mstjohns at comcast.net>:
> 
>     Amanda -
> 
>     Using muscletools do
> 
>     1) Log yourself in (verify)
>     2) Do a "listkeys"
>     3) Try and do the signature again.
> 
>     Post the output of the above here.
> 
>     There are a number of possibilities - rather than randomly guessing,
>     perhaps we can help you interpret the output.
> 
> 
> 
> 
>     At 12:26 PM 3/3/2008, Amanda Ortega wrote:
>>     I didn't solve that problem, I am testing with version 0.9.8. I
>>     had already verified the PIN successfully...
>>
>>     Amanda
>>
>>     2008/3/3, Karsten Ohme <widerstand at t-online.de>:
>>
>>         Amanda Ortega wrote:
>>
>>         > Hi!
>>         >
>>         > I have installed the applet CardEdge version 0.9.8 in my GemXpresso R3 card
>>         > and muscleTool version 2.1.0 in my PC.
>>
>>
>>         You have successfully installed the applet? What was the solution?
>>
>>
>>
>>         > I have already formatted the card and
>>         > created a pair of keys. When I try to crypt a text, an error happens. Here
>>         > is the output of muscleTool:
>>
>>
>>         You must verify to the applet, before you can use the private
>>         key to sign.
>>
>>         See the verify command, e.g. help or help verify in muscleTool.
>>
>>         Regards,
>>         Karsten
>>
>>         >
>>         > muscleTool [MuscleCard Applet] > crypt 1
>>         >
>>         > Would you like to:
>>         > 0. Abort this selection.
>>         > 1. Sign
>>         > 2. Decrypt
>>         >
>>         > Choose (0-2): 1
>>         >
>>         > Please enter text to sign in hexadecimal ASCII (at most 1023 characters)
>>         > Example: 30313233 for 0123
>>         >
>>         > 'a' aborts this query.
>>         > Enter text : 30313233
>>         >
>>         > Select the algorithm:
>>         > 0. Abort this selection.
>>         > 1. RSA with MD5 hash and PKCS#1 padding
>>         >
>>         > Choose (0-1): 1
>>         > ERR: Crypt Failed ! (0x9C06 Unauthorized usage)
>>         > muscleTool [MuscleCard Applet] > muscleTool [MuscleCard Applet] >
>>         >
>>         > Why is this happening?
>>         >
>>         > Regards,
>>         > Amanda
>>         >
>>         >
>>         >
>>
>>         > ------------------------------------------------------------------------
>>         >
>>         > _______________________________________________
>>         > Muscle mailing list
>>         > Muscle at lists.musclecard.com <mailto:Muscle at lists.musclecard.com>
>>         > http://lists.drizzle.com/mailman/listinfo/muscle
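
The ACL advice in the reply at the top of this message (a private key should never be readable, and its use should require a PIN) can be checked mechanically. The following is an added example, not part of the original post and not muscleTool code. It assumes the mask semantics as the reply describes them (0x0000 = always, 0xFFFF = never, any other value = PIN bits), and the value 0x0001 for the "PIN #1" entries is constructed, following the reply's own example.

```python
# Added example: audit MuscleCard-style key ACLs against the advice in the reply.
# Assumed semantics (taken from the reply, not checked against the applet spec):
# 0x0000 = ALWAYS, 0xFFFF = NEVER, otherwise each set bit names a PIN that
# unlocks the operation.
ALWAYS, NEVER = 0x0000, 0xFFFF

# Constructed input mirroring the four keys in the quoted listkeys output.
# 0x0001 stands in for the "PIN #1" entries (constructed value).
KEYS = [
    {"num": 0, "type": "RSA PRIVATE CRT", "read": 0x0000, "write": 0x0000, "use": 0x0000},
    {"num": 1, "type": "RSA PRIVATE CRT", "read": 0xFFFF, "write": 0x0001, "use": 0x0001},
    {"num": 2, "type": "RSA PUBLIC", "read": 0x0000, "write": 0x0000, "use": 0x0000},
    {"num": 3, "type": "RSA PUBLIC", "read": 0x0001, "write": 0x0001, "use": 0x0000},
]


def describe(mask):
    """Render one 16-bit ACL mask as readable text."""
    if mask == ALWAYS:
        return "ALWAYS"
    if mask == NEVER:
        return "NEVER"
    bits = [i for i in range(16) if mask & (1 << i)]
    return "PIN bit(s) " + ",".join(str(b) for b in bits)


def audit(key):
    """Return findings for one key; an empty list means the ACLs follow the advice."""
    findings = []
    if key["type"].startswith("RSA PRIVATE"):
        if key["read"] != NEVER:
            findings.append("private key is readable: READ = " + describe(key["read"]))
        if key["use"] in (ALWAYS, NEVER):
            findings.append("private key USE is not PIN-gated: USE = " + describe(key["use"]))
    return findings


def audit_all(keys):
    """Map key number -> list of findings."""
    return {k["num"]: audit(k) for k in keys}


if __name__ == "__main__":
    for num, findings in audit_all(KEYS).items():
        print(num, findings or "OK")
```
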